Configuring Basic Acl; Applying Acl Rules On Ports; Applying Acl Rules To Ports In A Vlan - H3C S5600 Series Operation Manual

User defined ACL
Acl's step is 1
rule 0 deny src-ip 3001::1 64 dest-ip 3002::1 64

Applying ACL Rules on Ports

By applying ACL rules on ports, you can filter packets on the corresponding ports.
Configuration prerequisites
You need to define an ACL before applying it on a port. For information about defining an
ACL, refer to
ACL, Configuring User-defined ACL
Configuration procedure
Follow these steps to apply an ACL on a port:
To do...
Enter system view
Enter Ethernet port
view
Apply ACL rules on
the port
Configuration example
# Apply ACL 2000 on GigabitEthernet 1/0/1 to filter inbound packets.
<Sysname> system-view
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000

Applying ACL Rules to Ports in a VLAN

By applying ACL rules to ports in a VLAN, you can add filtering of packets on all the ports
in the VLAN.
The ACL rules are only applied to ports that are in the VLAN at the time the packet-filter
vlan command is executed. In other words:
A port joining the VLAN later will not use the ACL rules for packet filtering.
A port leaving the VLAN later will keep using the ACL rules for packet filtering.
5000, 1 rule
Configuring Basic
Use the command...
system-view
interface interface-type
interface-number
packet-filter inbound
acl-rule
ACL, Configuring Advanced
and Configuring IPv6
1-14
ACL, Configuring Layer 2
ACL.
Remarks
—
—
Required
For information about acl-rule,
refer to ACL Commands.